I want to enable Java Security Manager in my server. But, by doing that, as stated in the question [1], it grants all permission to the OSGI bundles.
When trying to enable Security for OSGi bundles, it is mentioned that to grant all permission from the Java Security Manager. [2]
Does anyone know the actual reason for this configuration?
Can we use both Java Security Manager and OSGi security simultaneously when we have OSGi bundles as well as other jars and war files in the server?
[1] Enable Java Security Manager OSGi Equinox and Restrict Bundle Permissions
[2] https://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html
When using Java security in an OSGi framework, you typically have the OSGi framework install and configure its own Security Manager. See Security Layer and Conditional Permission Admin. Permission Admin is the precursor to Conditional Permission Admin and it still fully supported.
The OSGi framework itself needs AllPermission due to the many functions it must perform and also because it must be able to assign permissions to installed bundles.
According to Permissions you can use the normal Java Security Manager with OSGi security but support for postponed conditions will not be possible.